beautypg.com

Tcrmessengerdisabled – IBM Tivoli and Cisco User Manual

Page 453

background image

Chapter 8. Remediation subsystem implementation

435

4. Run the

sputil.sh

command to create the software package block and

publish it on the Web Gateway. To achieve this run the following commands:

cd $BINDIR/tcmremed/download
cd TCRZLSoftwareRunning
$BINDIR/tcmremed/bin/sputil.sh -p Sample.properties

5. Verify the result of running the tool with the following command:

wlookup -ar SoftwarePackage | grep TCRZLSoftwareRunning

If the package was created the result will look like below (the number in the
middle of the resulting string will be different in your environment as it is
meant to be unique and is associated with Tivoli Management Region
number):

TCRZLSoftwareRunning^1.0 1406765930.1.843#SoftwarePackage::Spo#

TCRMessengerDisabled

The

TCRMessengerDisabled

workflow was defined in the

SERVICE_DISABLED_WF parameter in the Messenger Service Disabled policy
to be used when the compliance check generated a FAIL or WARNING status.
This is the second type of the two workflows called by the
nac.win.any.services.PostureService collector. It is called during the remediation
of a violation when the service that should be disabled is not.

To build the remediation package follow the steps described below:

1. Open a command prompt, import the environment variables for the Tivoli

Framework, and start bash. Then create a directory for the workflow files. To
do this issue the following commands:

cmd /k %SystemRoot%\system32\drivers\etc\Tivoli\setup_env.cmd
bash
cd $BINDIR/tcmremed/download
mkdir TCRMessengerDisabled
cd TCRMessengerDisabled

2. Create the very simple Windows batch file named

disableMessengerService.bat, which contains only one line shown below:

sc config Messenger start= disabled

Copy this batch file to the TCRZLSoftwareDisabled directory.

3. Create the configuration file for the sputil.sh utility containing the instructions

on how to build the package. Create the Sample.properties file in the

Important: Make sure that there is no space between the word

start

and

the equals sign (

=

). Also make sure there is a space between

start=

and

the word

disabled

.

See also other documents in the category IBM Hardware: